Add Ansible playbook for bot migration to new server

- Add inventory.ini with server configuration - Add playbook.yml with complete migration process - Configure user 'deploy' with UID/GID 1001:1001 - Add SSH key setup for GitHub access - Add Docker group membership for deploy user - Include data migration from old server - Add port validation for all services
2025-09-09 22:22:31 +03:00
parent b34da5015d
commit 4981ae8877
2 changed files with 252 additions and 0 deletions
--- a/infra/ansible/inventory.ini
+++ b/infra/ansible/inventory.ini
@@ -0,0 +1,5 @@
+[new_server]
+#your-new-server-ip ansible_user=deploy
+
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
--- a/infra/ansible/playbook.yml
+++ b/infra/ansible/playbook.yml
@@ -0,0 +1,247 @@
+---
+- name: Полная миграция ботов на новый сервер
+  hosts: new_server
+  become: yes
+
+  vars:
+    # Основная директория проекта
+    project_root: "/home/prod"
+    # Пользователь и группа
+    deploy_user: "deploy"
+    uid: "1001"
+    gid: "1001"
+    # Старый сервер для копирования данных
+    old_server: "root@77.223.98.129"
+    # Опция: пересоздавать папку /home/prod (по умолчанию — нет)
+    recreate_project: false
+
+  tasks:
+    - name: Обновить кэш пакетов
+      apt:
+        update_cache: yes
+
+    - name: Установить необходимые пакеты
+      apt:
+        name:
+          - docker.io
+          - docker-compose
+          - make
+          - git
+          - python3-pip
+          - curl
+          - sshpass
+          - rsync
+        state: present
+
+    - name: Включить и запустить Docker
+      systemd:
+        name: docker
+        enabled: yes
+        state: started
+
+    - name: Проверить существование пользователя deploy
+      getent:
+        database: passwd
+        key: "{{ deploy_user }}"
+      register: user_exists
+      failed_when: false
+
+    - name: Создать группу deploy с GID 1001
+      group:
+        name: "{{ deploy_user }}"
+        gid: "{{ gid }}"
+      when: not user_exists.exists
+
+    - name: Создать пользователя deploy с UID 1001 (если не существует)
+      user:
+        name: "{{ deploy_user }}"
+        uid: "{{ uid }}"
+        group: "{{ gid }}"
+        shell: /bin/bash
+        create_home: yes
+        system: no
+        groups: docker
+        append: yes
+      when: not user_exists.exists
+
+    - name: Настроить безопасный SSH
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: "^{{ item.regexp }}"
+        line: "{{ item.line }}"
+        backup: yes
+      loop:
+        - { regexp: "PermitRootLogin", line: "PermitRootLogin no" }
+        - { regexp: "PasswordAuthentication", line: "PasswordAuthentication no" }
+        - { regexp: "PubkeyAuthentication", line: "PubkeyAuthentication yes" }
+      notify: reload ssh
+
+    - name: Удалить /home/prod, если требуется (чистое развертывание)
+      file:
+        path: "{{ project_root }}"
+        state: absent
+      when: recreate_project | bool
+
+    - name: Создать директорию проекта /home/prod
+      file:
+        path: "{{ project_root }}"
+        state: directory
+        owner: "{{ deploy_user }}"
+        group: "{{ deploy_user }}"
+        mode: '0755'
+
+    - name: Настроить SSH ключи для GitHub
+      authorized_key:
+        user: "{{ deploy_user }}"
+        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+        state: present
+
+    - name: Настроить SSH config для GitHub
+      lineinfile:
+        path: "/home/{{ deploy_user }}/.ssh/config"
+        line: "Host github.com\n  StrictHostKeyChecking no\n  UserKnownHostsFile /dev/null"
+        create: yes
+        owner: "{{ deploy_user }}"
+        group: "{{ deploy_user }}"
+        mode: '0600'
+
+    - name: Клонировать основной репозиторий prod
+      git:
+        repo: git@github.com:KerradKerridi/prod.git
+        dest: "{{ project_root }}"
+        clone: yes
+        update: yes
+      become: yes
+      become_user: "{{ deploy_user }}"
+
+    - name: Клонировать AnonBot
+      git:
+        repo: git@github.com:KerradKerridi/AnonBot.git
+        dest: "{{ project_root }}/bots/AnonBot"
+        clone: yes
+        update: yes
+      become: yes
+      become_user: "{{ deploy_user }}"
+
+    - name: Клонировать telegram-helper-bot
+      git:
+        repo: git@github.com:KerradKerridi/telegram-helper-bot.git
+        dest: "{{ project_root }}/bots/telegram-helper-bot"
+        clone: yes
+        update: yes
+      become: yes
+      become_user: "{{ deploy_user }}"
+
+    - name: Копировать .env для telegram-helper-bot со старого сервера
+      synchronize:
+        src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/.env"
+        dest: "{{ project_root }}/bots/telegram-helper-bot/.env"
+        mode: pull
+      delegate_to: localhost
+      become: yes
+      become_user: "{{ deploy_user }}"
+
+    - name: Копировать БД для telegram-helper-bot
+      synchronize:
+        src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/database/tg-bot-database.db"
+        dest: "{{ project_root }}/bots/telegram-helper-bot/database/"
+        mode: pull
+      delegate_to: localhost
+      become: yes
+      become_user: "{{ deploy_user }}"
+
+    - name: Копировать voice_users для telegram-helper-bot
+      synchronize:
+        src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/voice_users/"
+        dest: "{{ project_root }}/bots/telegram-helper-bot/voice_users/"
+        mode: pull
+      delegate_to: localhost
+      become: yes
+      become_user: "{{ deploy_user }}"
+
+    - name: Копировать .env для AnonBot
+      synchronize:
+        src: "ssh://{{ old_server }}/home/prod/bots/AnonBot/.env"
+        dest: "{{ project_root }}/bots/AnonBot/.env"
+        mode: pull
+      delegate_to: localhost
+      become: yes
+      become_user: "{{ deploy_user }}"
+
+    - name: Копировать БД для AnonBot
+      synchronize:
+        src: "ssh://{{ old_server }}/home/prod/bots/AnonBot/database/anon_qna.db"
+        dest: "{{ project_root }}/bots/AnonBot/database/"
+        mode: pull
+      delegate_to: localhost
+      become: yes
+      become_user: "{{ deploy_user }}"
+
+    - name: Установить права на скопированные файлы
+      file:
+        path: "{{ item }}"
+        owner: "{{ deploy_user }}"
+        group: "{{ deploy_user }}"
+        mode: '0644'
+      loop:
+        - "{{ project_root }}/bots/telegram-helper-bot/.env"
+        - "{{ project_root }}/bots/telegram-helper-bot/database/tg-bot-database.db"
+        - "{{ project_root }}/bots/telegram-helper-bot/voice_users"
+        - "{{ project_root }}/bots/AnonBot/.env"
+        - "{{ project_root }}/bots/AnonBot/database/anon_qna.db"
+      become: yes
+
+    - name: Запустить ботов через make up
+      command: make up
+      args:
+        chdir: "{{ project_root }}"
+      become: yes
+      become_user: "{{ deploy_user }}"
+
+    # --- НОВОЕ: Проверка портов ---
+    - name: Пауза на 30 секунд — дать контейнерам запуститься
+      pause:
+        seconds: 30
+
+    - name: Проверить, что порт 8080 (Telegram Bot) открыт
+      wait_for:
+        port: 8080
+        host: "{{ ansible_host }}"
+        timeout: 30
+        state: started
+      delegate_to: localhost
+
+    - name: Проверить, что порт 8081 (AnonBot) открыт
+      wait_for:
+        port: 8081
+        host: "{{ ansible_host }}"
+        timeout: 30
+        state: started
+      delegate_to: localhost
+
+    - name: Проверить, что порт 9090 (Prometheus) открыт
+      wait_for:
+        port: 9090
+        host: "{{ ansible_host }}"
+        timeout: 30
+        state: started
+      delegate_to: localhost
+
+    - name: Проверить, что порт 3000 (Grafana) открыт
+      wait_for:
+        port: 3000
+        host: "{{ ansible_host }}"
+        timeout: 30
+        state: started
+      delegate_to: localhost
+
+    - name: Проверка запуска ботов завершена — всё работает 🟢
+      debug:
+        msg: "Все сервисы запущены и слушают нужные порты."
+
+  # handler для перезагрузки SSH
+  handlers:
+    - name: reload ssh
+      systemd:
+        name: ssh
+        state: reloaded